tabs

Wednesday, March 16, 2011

Forms Based Authentication in SharePoint 2010 using Sql Memebership Providers

Basically Forms Based Authentication is a part of ASP.NET. So, it supports in all versions of SharePoint which are released after ASP.NET 2.0. In SharePoint 2010 it is the same process as what we did in earlier versions like WSS 3.0 and MOSS 2007 except one thing. In SharePoint 2010 while creating a web application we have an option to choose the application authentication mode Claims Based and Classic Mode. Know more about these authentication modes here.

Creating a web application which uses Claims Based Authentication:

This is pretty much straight forward,

Open Central Administration

From Application Management - > Manage Web Applications

From the top ribbon bar, select New

From the create web application page, chose the authentication mode to “Claims Based Authentication”

Give the name of web application, chose port number, path of web application.

Chose security configuration

From Claims Authentication Types, enable both WA and FBA.

In FBA section we have to give ASP.NET Membership provider name. In my case I have used “SQLMembershipProvider” and I am not using any roles so I left it blank.

Enter Sign in page url [default one], public url and other information and click OK.

Once web application is created, then create a site collection.

Now go to Manage Web application and from the list of web applications chose the option “Authentication Providers” from the ribbon.

From the dialog box you will see the Default zone set to the Claims authentication mode. Click the Default zone link where you can see the settings.

OK, application is ready and browse the application, you will see the below screen which gives you the option to choose either Windows Authentication or Forms authentication.

The remaining part is linking our application and the Sql Server database.

Create ASPNETDB to configure membership and Role providers

This process should be done on the database server. The result of the process is a database where we can save all the user and role information.

Login to the server where SQL Server is installed.

Open command prompt and navigate to location “%Sysroot%\Microsoft.NET\Framework\v2.0.50727”.

Run the “aspnet_regsql.exe“. Which will open the ASP.NET SQL Server setup wizard?

Extract it and run it and create n number of users and roles [if you want]. Note that if you have given some name to the database other than the default name aspnetdb then in membershipseeder config file please change connection string.

Now, we are ready with database with all some test data in it.

Give specific permissions to the service accounts:

We have created the database successfully. Before we proceed,

The service account or application pool user account of our FBA application,

should have access to the database to go and get information of the users and roles. Almost in all environments the system administrators creates the service accounts we have to use in our applications. If you are not following those base rules in using service accounts then you may use different service accounts for all the three applications. In that case you have to go through all the three application we have mentioned above and give them access to database. If you are following the riles of using service accounts then may be only one service account used for all the three applications and give the service account access to database.

Modify web.config files of applications to communicate with database using providers

1. To get the users from sql server database to central administration site we have to change web.config of Central Administration site.

2. To get the users from Sql server database to web application which we created to work FBA, we have to change its web.config.

3. To login to the site using claims based authentication, it uses security token service application. So, we have to change its configuration file.

So, the site we created for FBA to work using forms authentication we have to change 3 web.config files totally.

Note: Before you are making any changes to the web.config file of any application please take the backup of it.

Adding providers for membership and role [if needed]

Before you add any providers find are there any membership or rolemanager tags in the web.config file. And add the providers [<rolemanager> and <membership>] to the <System.Web> tag. Make sure that you are not doing any changes to the existing providers. By default there are providers with name “C” and “I”. So, do not touch them and add only the providers which we are adding like “SQLRoleManager” and “SqlMembershipProvider”. Finally the <rolemanager> section and <membership> section as shown below. Highlighted in red tags are I added to web.config.

Adding providers for membership and role [if needed]

Before you add any providers find are there any membership or rolemanager tags in the web.config file. And add the providers [<rolemanager> and <membership>] to the <System.Web> tag. Make sure that you are not doing any changes to the existing providers. Finally the <rolemanager> section and <membership> section as shown below. Highlighted in red tags are I added to web.config.

Save the web.config file and we are done with configuration changes for CA.

iii. Modify web.config of Security Token Service Application

Open inetmgr from run command and open IIS. From the list of sites available expand “SharePoint Web Services” and find SecurityTokenServiceApplication.

Right click on the application and explore, which will opens the file system file location of the application. By default it will be in “%programfiles%\common files\Microsoft Shared\web server extensions\14\WebServices\SecurityToken”. Find the web.config of the application and modify it.

Adding providers for membership and role [if needed]

Before you add any providers find are there any membership or rolemanager tags in the web.config file. And add the providers [<rolemanager> and <membership>] to the <System.Web> tag. Make sure that you are not doing any changes to the existing providers. By default there are providers with name “C” and “I”. So, do not touch them and add only the providers which we are adding like “SQLRoleManager” and “SqlMembershipProvider”. Finally the <rolemanager> section and <membership> section as shown below. Highlighted in red tags are I added to web.config.

If everything goes well, then in central administration site and your FBA application people picker able to find the users in the sql server aspnetdb database. And you will successfully logged-in to the site without any issues.

I was trying to add providers for membership and role on the SecurityToken fileYou said that normly we should have By default there are providers with name “C” and “I”. i found them on the others web.config but not for the securitytoken web.config i don't see the section and section